This section lists the network security related declarations. It is important to understand the declarations to eliminate any related and consequential security risks.
Risk & Mitigation
CLI Verify tool allows users to use RSA1024 or RSA2048 with SHA1 or SHA256 for verifying Digital Signatures.
RSA1024 and SHA1 are considered to be unsafe and so are not recommended for use. From VPP V300R003C20 SPC100 version of Verify tool, a configuration (EnableSecurityWarning) is added . By default this configuration is enabled and a notification is issued to the users when they perform Verification Operations using these unsafe algorithms.
For releases provided to M2000 PDT alone, this configuration will be disable by default as specially requested by their security SE.